Surely they have access otherwise how do they moderate and investigate account blocks, reports of spam etc. Accounts get suspended, then some automation reviews it, then it escalates to a human, who will have to make a judgement based on some policy. How can they do that if they see nothing? (I'm asking not condoning).
Why not add a basic http Auth to the site? Most web hosts provide a simple way to protect a site or directory.
You can have a simple username and pass for humans, but it will stop scrapers as they won't get past the Auth challenge unless they know the details.
I'm pretty sure you can even show login details in the Auth dialog, if you wanted to, rather than pre sharing them.
I didn't say I was offended.